WooYun (WooYun.org) historical vulnerability search --- http://wy.zone.ci/
WooYun Drops articles, online reader -------------- http://drop.zone.ci/
2015-05-21: Details sent to the vendor; awaiting the vendor's response
2015-05-25: Vendor confirmed; details disclosed to the vendor only
2015-06-04: Details disclosed to core white hats and experts in the relevant field
2015-06-14: Details disclosed to regular white hats
2015-06-24: Details disclosed to intern white hats
2015-07-09: Details disclosed to the public
A webshell was uploaded; remove it yourselves.
The address http://36.32.160.67:81/license!getExpireDateOfDays.action has a command execution vulnerability.
Go straight into the intranet and take a look.
Check the port situation with netstat -an:
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:81             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:83             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:554            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:556            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:558            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:2121           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3306           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:4000           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:4567           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5001           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:6000           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:6008           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:6010           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:6100           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:6200           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:6202           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:6203           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:6300           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:6302           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:6304           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:6310           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:6354           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:6357           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:6410           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:6454           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:6500           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:6502           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:6600           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:6666           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:6904           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:7000           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:7002           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:7010           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:7072           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:7100           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:7102           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:7200           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:7300           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:7302           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:7310           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:8008           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:8009           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:8080           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:8600           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:23400          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:38457          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49152          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49153          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49154          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49155          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49192          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49193          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:61616          0.0.0.0:0              LISTENING
  TCP    36.32.160.67:81        36.32.160.67:55641     TIME_WAIT
  TCP    36.32.160.67:81        36.32.160.67:55642     TIME_WAIT
  TCP    36.32.160.67:81        36.32.160.67:55643     TIME_WAIT
  TCP    36.32.160.67:81        36.32.160.67:55644     TIME_WAIT
  TCP    36.32.160.67:81        36.32.160.67:55645     TIME_WAIT
  TCP    36.32.160.67:81        36.32.160.67:55646     TIME_WAIT
  TCP    36.32.160.67:81        36.32.160.67:55647     TIME_WAIT
  TCP    36.32.160.67:81        36.32.160.67:55648     TIME_WAIT
  TCP    36.32.160.67:81        36.32.160.67:55649     TIME_WAIT
  TCP    36.32.160.67:81        36.32.160.67:55650     TIME_WAIT
  TCP    36.32.160.67:81        36.32.160.67:55651     TIME_WAIT
  TCP    36.32.160.67:81        36.32.160.67:55652     TIME_WAIT
  TCP    36.32.160.67:81        36.32.160.67:55653     TIME_WAIT
  TCP    36.32.160.67:81        36.32.160.67:55654     TIME_WAIT
  TCP    36.32.160.67:81        36.32.160.67:55655     TIME_WAIT
  TCP    36.32.160.67:81        36.32.160.67:55656     TIME_WAIT
  TCP    36.32.160.67:81        36.32.160.67:55657     TIME_WAIT
  TCP    36.32.160.67:81        36.32.160.67:55658     TIME_WAIT
  TCP    36.32.160.67:81        36.32.160.67:55659     TIME_WAIT
  TCP    36.32.160.67:81        36.32.160.67:55660     TIME_WAIT
  TCP    36.32.160.67:81        36.32.160.67:55661     TIME_WAIT
  TCP    36.32.160.67:81        36.32.160.67:55662     TIME_WAIT
  TCP    36.32.160.67:81        36.32.160.67:55663     TIME_WAIT
  TCP    36.32.160.67:81        36.32.160.67:55664     TIME_WAIT
  TCP    36.32.160.67:81        36.32.160.67:55665     TIME_WAIT
  TCP    36.32.160.67:81        36.32.160.67:55666     TIME_WAIT
  TCP    36.32.160.67:81        36.32.160.67:55667     TIME_WAIT
  TCP    36.32.160.67:81        36.32.160.67:55668     TIME_WAIT
  TCP    36.32.160.67:81        36.32.160.67:55669     TIME_WAIT
  TCP    36.32.160.67:81        36.32.160.67:55670     TIME_WAIT
  TCP    36.32.160.67:81        36.32.160.67:55671     TIME_WAIT
  TCP    36.32.160.67:81        36.32.160.67:55672     TIME_WAIT
  TCP    36.32.160.67:81        36.32.160.67:55673     TIME_WAIT
  TCP    36.32.160.67:81        36.32.160.67:55674     TIME_WAIT
  TCP    36.32.160.67:81        36.32.160.67:55675     TIME_WAIT
  TCP    36.32.160.67:81        36.32.160.67:55676     TIME_WAIT
  TCP    36.32.160.67:81        36.32.160.67:55677     TIME_WAIT
  TCP    36.32.160.67:81        36.32.160.67:55678     TIME_WAIT
  TCP    36.32.160.67:81        36.32.160.67:55679     TIME_WAIT
  TCP    36.32.160.67:81        36.32.160.67:55680     TIME_WAIT
  TCP    36.32.160.67:81        36.32.160.67:55681     TIME_WAIT
  TCP    36.32.160.67:81        36.32.160.67:55682     TIME_WAIT
  TCP    36.32.160.67:81        36.32.160.67:55683     TIME_WAIT
  TCP    36.32.160.67:81        36.32.160.67:55684     TIME_WAIT
  TCP    36.32.160.67:81        36.32.160.67:55685     TIME_WAIT
  TCP    36.32.160.67:81        36.32.160.67:55686     TIME_WAIT
  TCP    36.32.160.67:81        36.32.160.67:55687     TIME_WAIT
  TCP    36.32.160.67:81        36.32.160.67:55688     TIME_WAIT
  TCP    36.32.160.67:81        36.32.160.67:55689     TIME_WAIT
  TCP    36.32.160.67:81        36.32.160.67:55690     TIME_WAIT
  TCP    36.32.160.67:81        36.32.160.67:55691     TIME_WAIT
  TCP    36.32.160.67:81        36.32.160.67:55692     TIME_WAIT
  TCP    36.32.160.67:81        36.32.160.67:55693     TIME_WAIT
  TCP    36.32.160.67:81        36.32.160.67:55694     TIME_WAIT
  TCP    36.32.160.67:81        36.32.160.67:55695     TIME_WAIT
  TCP    36.32.160.67:81        36.32.160.67:55696     TIME_WAIT
  TCP    36.32.160.67:81        36.32.160.67:55697     TIME_WAIT
  TCP    36.32.160.67:81        36.32.160.67:55698     TIME_WAIT
  TCP    36.32.160.67:81        36.32.160.67:55699     TIME_WAIT
  TCP    36.32.160.67:81        36.32.160.67:55700     TIME_WAIT
  TCP    36.32.160.67:81        36.32.160.67:55701     TIME_WAIT
  TCP    36.32.160.67:81        36.32.160.67:55702     TIME_WAIT
  TCP    36.32.160.67:81        36.32.160.67:55703     TIME_WAIT
  TCP    36.32.160.67:81        36.32.160.67:55704     TIME_WAIT
  TCP    36.32.160.67:81        36.32.160.67:55705     TIME_WAIT
  TCP    36.32.160.67:81        36.32.160.67:55706     TIME_WAIT
  TCP    36.32.160.67:81        36.32.160.67:55707     TIME_WAIT
  TCP    36.
[the rest of the listing is cut off in the original]
net start
The following Windows services have been started:

   AlarmServer
   Apache Tomcat HIKCMS
   Application Experience
   Application Host Helper Service
   Application Management
   Base Filtering Engine
   cascade
   Certificate Propagation
   COM+ Event System
   Cryptographic Services
   DCOM Server Process Launcher
   DecodeServer
   Desktop Window Manager Session Manager
   DHCP Client
   Diagnostic Policy Service
   DNS Client
   Group Policy Client
   IKE and AuthIP IPsec Keying Modules
   IP Helper
   IPsec Policy Agent
   Mag Server
   media
   Microsoft FTP Service
   MonitorScreen
   MySQL
   Network Connections
   Network List Service
   Network Location Awareness
   Network Store Interface Service
   nms
   NvrVodServer
   PAG
   Plug and Play
   Power
   Print Spooler
   PTZProxyService
   RecordQueryService
   Remote Desktop Configuration
   Remote Desktop Services
   Remote Desktop Services UserMode Port Redirector
   Remote Procedure Call (RPC)
   RPC Endpoint Mapper
   Security Accounts Manager
   Server
   Shell Hardware Detection
   Software Protection
   SPP Notification Service
   System Event Notification Service
   Task Scheduler
   TCP/IP NetBIOS Helper
   User Profile Service
   VodServer
   VRB
   VRMServer
   VTDU
   Windows Event Log
   Windows Firewall
   Windows Management Instrumentation
   Windows Presentation Foundation Font Cache 3.0.0.0
   Windows Process Activation Service
   Windows Update
   Workstation
   World Wide Web Publishing Service
   主动防御 (Active Defense)
The command completed successfully.

E:\zyrh\tomcat-6.0.35-4.0.43473\webapps\ROOT>
systeminfo
Host Name:                 WIN-MLH3H2L94B6
OS Name:                   Microsoft Windows Server 2008 R2 Enterprise
OS Version:                6.1.7601 Service Pack 1 Build 7601
OS Manufacturer:           Microsoft Corporation
OS Configuration:          Standalone Server
OS Build Type:             Multiprocessor Free
Registered Owner:          Windows 用户 (Windows User)
Registered Organization:
Product ID:                00486-001-0001076-84308
Original Install Date:     2013/5/23, 17:02:26
System Boot Time:          2015/4/14, 9:29:23
System Manufacturer:       IBM
System Model:              System x3620 M3 -[7376I28]-
System Type:               x64-based PC
Processor(s):              1 Processor(s) Installed.
                           [01]: Intel64 Family 6 Model 44 Stepping 2 GenuineIntel ~1580 Mhz
BIOS Version:              IBM Corp. -[HSE120BUS-1.09]-, 2012/2/3
Windows Directory:         C:\Windows
System Directory:          C:\Windows\system32
Boot Device:               \Device\HarddiskVolume1
System Locale:             zh-cn;中文(中国) (Chinese, China)
Input Locale:              zh-cn;中文(中国) (Chinese, China)
Time Zone:                 (UTC+08:00) Beijing, Chongqing, Hong Kong SAR, Urumqi
Total Physical Memory:     16,373 MB
Available Physical Memory: 321 MB
Virtual Memory: Max Size:  32,744 MB
Virtual Memory: Available: 27,582 MB
Virtual Memory: In Use:    5,162 MB
Page File Location(s):     C:\pagefile.sys
Domain:                    WORKGROUP
Logon Server:              N/A
Hotfix(s):                 1 Hotfix(s) Installed.
                           [01]: KB976902
Network Card(s):           3 NIC(s) Installed.
                           [01]: Intel(R) 82575EB Gigabit Network Connection
                                 Connection Name: 本地连接 (Local Area Connection)
                                 DHCP Enabled:    No
                                 IP address(es)
                                 [01]: 36.32.160.67
                                 [02]: fe80::8931:bb0e:f543:9a8d
                           [02]: Intel(R) 82575EB Gigabit Network Connection
                                 Connection Name: 本地连接 2 (Local Area Connection 2)
                                 Status:          Hardware not present
                           [03]: IBM USB 远程 NDIS 网络设备 (IBM USB Remote NDIS Network Device)
                                 Connection Name: 本地连接 3 (Local Area Connection 3)
                                 Status:          Hardware not present

E:\zyrh\tomcat-6.0.35-4.0.43473\webapps\ROOT>
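Two things in the output above matter beyond the command execution itself: the host carries a public address directly on its NIC with FTP (21), SMB (445) and MySQL (3306) listening on every interface, and systeminfo lists a single hotfix (KB976902), so the Windows layer has had effectively no updates applied. The helper below is an added triage script, written for this edit and not part of the original report or the vendor's software. It takes the raw netstat -an and systeminfo text that a command-execution shell returns, undoes the GBK-decoded-as-Latin-1 garbling that the output on this page suffered from, lists the TCP ports listening on all interfaces, flags well-known ones, counts connection states and extracts the installed KB list. The RISKY_PORTS labels are my own default-port assumptions, and both sample inputs are constructed for the example (the lines are modeled on this host's output); none of them is data taken verbatim from the report.

```python
import re
from collections import Counter

# Default-port labels for services worth calling out when bound to every
# interface. Assumption for illustration; a real run should cross-check with
# the `net start` / process list rather than trust port numbers alone.
RISKY_PORTS = {
    21: "FTP",
    135: "MSRPC",
    445: "SMB",
    3306: "MySQL",
    3389: "RDP",
    8009: "AJP",
    8080: "HTTP (Tomcat)",
    61616: "ActiveMQ OpenWire",
}


def repair_gbk_mojibake(text: str) -> str:
    """Undo 'GBK bytes decoded as Latin-1' garbling.

    A Chinese-locale cmd.exe writes GBK; a client that decodes the raw bytes
    as Latin-1 renders 主机名 as 'Ö÷»úÃû'. Re-encoding each code point as one
    byte restores the GBK stream. Text already holding characters above U+00FF
    (i.e. not garbled this way) is returned unchanged.
    """
    try:
        return text.encode("latin-1").decode("gbk")
    except (UnicodeEncodeError, UnicodeDecodeError):
        return text


def parse_netstat(text):
    """`netstat -an` rows as (proto, local, foreign, state).

    Keys on the TCP/UDP column, so localized headers (活动连接 / 协议 ...) are
    skipped without translation. UDP rows carry no state column.
    """
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue
        state = parts[3] if len(parts) > 3 else ""
        rows.append((parts[0], parts[1], parts[2], state))
    return rows


def split_addr(addr):
    """'0.0.0.0:445' -> ('0.0.0.0', 445); '[::]:135' -> ('[::]', 135)."""
    host, _, port = addr.rpartition(":")
    return host, (int(port) if port.isdigit() else None)


def exposed_tcp_ports(rows):
    """TCP ports in LISTENING state bound to all interfaces, sorted."""
    ports = set()
    for proto, local, _foreign, state in rows:
        host, port = split_addr(local)
        if proto == "TCP" and state == "LISTENING" and host in ("0.0.0.0", "[::]"):
            ports.add(port)
    return sorted(ports)


def flag_risky(ports):
    return {p: RISKY_PORTS[p] for p in ports if p in RISKY_PORTS}


def connection_states(rows):
    """Histogram of TCP states; a pile of TIME_WAIT to one port shows recent churn."""
    return Counter(state for proto, _l, _f, state in rows if proto == "TCP")


def hotfixes(systeminfo_text):
    """KB identifiers under 修补程序 / Hotfix(s); independent of label language."""
    return sorted(set(re.findall(r"\bKB\d+\b", systeminfo_text)))


def os_version(systeminfo_text):
    m = re.search(r"^OS \S+:\s*(\d+\.\d+\.\d+.*)$", systeminfo_text, re.M)
    return m.group(1).strip() if m else ""


def triage(netstat_text, systeminfo_text):
    rows = parse_netstat(repair_gbk_mojibake(netstat_text))
    sysinfo = repair_gbk_mojibake(systeminfo_text)
    exposed = exposed_tcp_ports(rows)
    return {
        "exposed_ports": exposed,
        "flagged": flag_risky(exposed),
        "states": connection_states(rows),
        "os_version": os_version(sysinfo),
        "hotfixes": hotfixes(sysinfo),
    }


# Constructed sample, modeled on this host's listing (a subset of its ports).
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:81             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3306           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:8080           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:61616          0.0.0.0:0              LISTENING
  TCP    127.0.0.1:49152        0.0.0.0:0              LISTENING
  TCP    [::]:135               [::]:0                 LISTENING
  TCP    36.32.160.67:81        36.32.160.67:55641     TIME_WAIT
  TCP    36.32.160.67:81        36.32.160.67:55642     TIME_WAIT
  UDP    0.0.0.0:123            *:*
"""

# Constructed: a few Chinese-locale `systeminfo` lines, garbled the same way
# the output on this page was (GBK bytes read as Latin-1), made by round-trip.
SYSTEMINFO_GARBLED = (
    "主机名:           WIN-MLH3H2L94B6\n"
    "OS 名称:          Microsoft Windows Server 2008 R2 Enterprise\n"
    "OS 版本:          6.1.7601 Service Pack 1 Build 7601\n"
    "修补程序:         安装了 1 个修补程序。\n"
    "                  [01]: KB976902\n"
).encode("gbk").decode("latin-1")

if __name__ == "__main__":
    for key, value in triage(NETSTAT_SAMPLE, SYSTEMINFO_GARBLED).items():
        print(f"{key}: {value}")
```

The mojibake step only covers the common case of raw GBK bytes decoded as Latin-1 or cp1252; a few fragments on this page had additionally passed through a lenient UTF-8 decoder, and those need the original bytes to recover. Loopback-only listeners (127.0.0.1) are deliberately left out of the exposed list, since they are not reachable from the network even though they appear in netstat.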
The state of the system is clear now. Probing further into the intranet did not seem necessary, so I stopped here; this was only a test.
Severity: High
Vulnerability Rank: 11
Confirmed: 2015-05-25 18:29
CNVD has confirmed and reproduced the described vulnerability. It has been passed to CNCERT, which forwarded it to the Anhui branch center; the Anhui branch center will coordinate handling with the unit that operates the website.
None yet